CVE-2016-10937 (https://nvd.nist.gov/vuln/detail/CVE-2016-10937): IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e8d4b7c8dc97c3c5c5b689508aa7e1e41a9b49dd commit e8d4b7c8dc97c3c5c5b689508aa7e1e41a9b49dd Author: Sam James (sam_c) <sam@cmpct.info> AuthorDate: 2020-03-25 01:51:40 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-03-25 22:52:55 +0000 mail-filter/imapfilter: Security bump to 2.6.16 The original bug was first fixed in 2.6.13, and since then various improvements to hostname validation were made. Bug: https://bugs.gentoo.org/699032 Signed-off-by: Sam James (sam_c) <sam@cmpct.info> Closes: https://github.com/gentoo/gentoo/pull/15098 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> mail-filter/imapfilter/Manifest | 1 + mail-filter/imapfilter/imapfilter-2.6.16.ebuild | 43 +++++++++++++++++++++++++ 2 files changed, 44 insertions(+)
amd64 stable
ppc stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ba65742fe33095ff1dcb02524fa72a00fe8f4c74 commit ba65742fe33095ff1dcb02524fa72a00fe8f4c74 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-03-26 18:28:09 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-03-26 18:28:09 +0000 mail-filter/imapfilter: security cleanup (bug #699032) Bug: https://bugs.gentoo.org/699032 Package-Manager: Portage-2.3.96, Repoman-2.3.22 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> mail-filter/imapfilter/Manifest | 2 -- mail-filter/imapfilter/imapfilter-2.5.6.ebuild | 38 ---------------------- mail-filter/imapfilter/imapfilter-2.6.12.ebuild | 43 ------------------------- 3 files changed, 83 deletions(-)
GLSA Vote: No! Repository is clean, all done!
